Hi everyone,
I’m relatively new to setting up Odoo servers and could use some help. I’ve installed Odoo 16 on an AWS EC2 instance using NGINX as a reverse proxy, but I’m consistently facing two issues:
Mixed Content Errors: The web editor shows mixed content warnings (HTTP/HTTPS conflicts).
Asynchronous Discuss Module: The Discuss module doesn’t work synchronously; messages or updates are delayed.
What I’ve Tried:
Adjusted NGINX headers to enforce HTTPS and secure connections.
Set proxy_mode = True in odoo.conf.
Verified SSL certificates (Let’s Encrypt) and NGINX proxy settings.
Despite this, the issues persist. Could anyone guide me on how to troubleshoot further? Here are my current configurations:
# Configuración básica para manejo de conexiones
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
multi_accept on;
}
http {
# Configuración SSL común
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES2> ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Redirección HTTP → HTTPS
server {
listen 80;
server_name my.dom.com;
rewrite ^(.*) https://$host$1 permanent;
# Configuración principal HTTPS
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name my.dom.com wwww.my.dom.com;
# TUS RUTAS SSL (confirmadas)
ssl_certificate /etc/letsencrypt/live/my.dom.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.dom.com/privkey.pem;
# Headers de seguridad reforzados
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(),>
# Configuración de logs
access_log /var/log/nginx/odoo-access.log;
error_log /var/log/nginx/odoo-error.log;
location = /web {
return 301 https://my.dom/web/;
}
location /websocket {
proxy_pass http://odoochat;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
proxy_cookie_flags session_id samesite=lax secure; # requires nginx 1.19.8
}
# Proxy principal
location / {
sub_filter 'http://' 'https://';
sub_filter_once off;
proxy_pass http://odoo;
proxy_set_header X-Frame-Options: SAMEORIGIN
proxy_set_header X-Forwarded-Host $http_host;;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
proxy_read_timeout 300s;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
# Cookies seguras
proxy_cookie_flags session_id samesite=lax secure;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
}
# Longpolling específico
location /web {
proxy_pass http://odoochat;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
# Manejo de archivos estáticos
location ~* /web/static/ {
proxy_cache_valid 200 90d;
proxy_buffering on;
add_header Cache-Control "public";
proxy_pass http://odoo_backend;
}
Bloqueo de acceso a rutas sensibles
location ~* /(web|api|auth|login|xmlrpc|jsonrpc)/ {
internal;
}
}
# Upstreams
upstream odoo_backend {
server localhost:8069;
}
upstream odoochat {
server localhost:8072;
}
}
my Odoo.conf
[options]
; ============ CONFIGURACIÓN BÁSICA ============
logfile = /var/log/odoo/odoo-server.log
log_level = debug
admin_passwd = my.pass
addons_path = /opt/odoo/addons,/opt/odoo/custom/addons
python = /opt/odoo/venv/bin/python3
; ============ BASE DE DATOS ============
db_host = localhost
db_port = 5432
db_user = odoo_prod
db_password = my.pass
list_db = True
db_maxconn = 64
; ============ SEGURIDAD Y RED ============
proxy_mode = True
x_forwarded_for = True
secure_cookie = True
web.base.url = https://my.dom.com
web.base.url.freeze = True
restrict_embedded_content = True
csrf_origin = my.dom.com
; ============ CONFIGURACIÓN DE PUERTOS ============
xmlrpc_interface = 127.0.0.1
xmlrpc_port = 8069
longpolling_port = 8072
gevent_port = 8072
; ============ CONFIGURACIÓN EMAIL ============
email_from = "User <my.gmail@gmail.com>"
smtp_server = smtp.gmail.com
smtp_port = 587
smtp_user = my.gmail@gmail.com
smtp_encryption = starttls
smtp_ssl_certificate_filename = False
smtp_ssl_private_key_filename = False
; ============ OPTIMIZACIÓN ============
workers = 5
limit_memory_hard = 1677721600
limit_memory_soft = 629145600
limit_request = 8192
limit_time_cpu = 600
limit_time_real = 1200
max_cron_threads = 2
request_timeout = 300
; ============ WEBRTC ============
web_rtc_ice_servers = [{"urls": ["turn:my.dom:3478"], "username": "usuario", "credential": "contraseña"}]
web_rtc_ice_servers_fallback = [{"urls": ["stun:stun.l.google.com:19302"]}]
; ============ OTRAS CONFIGURACIONES ============
wkhtmltopdf_path = /usr/local/bin/wkhtmltopdf
server_wide_modules = web,web_editor,im_livechat
mail_channel_auto_subscribe = True
mail_channel_fetch_limit = 100
gevent_timeout = 30
mail_prefetch_threads = True
